{"id":11576,"date":"2022-07-11T12:33:40","date_gmt":"2022-07-11T12:33:40","guid":{"rendered":"https:\/\/bitcoinwisdom.com\/?p=11576"},"modified":"2022-07-11T12:33:44","modified_gmt":"2022-07-11T12:33:44","slug":"hackers-exploit-nft-platform-omni","status":"publish","type":"post","link":"https:\/\/bitcoinwisdom.com\/fr\/hackers-exploit-nft-platform-omni\/","title":{"rendered":"$1.4M in ETH lost after hackers exploited NFT platform OMNI"},"content":{"rendered":"<ul class=\"wp-block-list\"><li><strong>Approximately 1,300 ETH ($1.4 million) were lost after attackers exploited OMNI<\/strong><\/li><li><strong>The project, which is still in the BETA phase,<\/strong><strong> has been suspended<\/strong><\/li><\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<p>On Sunday, NFT finance platform OMNI was attacked, leading to a loss of 1,300 Ether (ETH), worth around $1.4 million at the time of the exploit.<\/p>\n\n\n\n<p>OMNI, which lends out cryptocurrencies in exchange for NFT staking, <a href=\"https:\/\/twitter.com\/peckshield\/status\/1546096506159058947\" class=\"ek-link\" rel=\"nofollow noopener\" target=\"_blank\">lost the funds<\/a> following bad-faith NFT staking from the Doodle collection. The attacker first deposited Doodles as collateral to borrow wrapped ETH (wETH). After obtaining the loan, they withdrew all but one of the Doodles, which triggered a callback function that cleared the debt after the reentrancy point. 
This made the borrowed ETH a bad debt that the attacker was not required to repay.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">2\/ The vulnerable code is shown below. During the reentrancy, the attacker used NFTs to borrow ETH. And then the debt was cleared after the reentrancy point, making the borrowed ETH a bad debt that the attacker does not need to pay. <a href=\"https:\/\/t.co\/TxdNvIFr0q\" rel=\"nofollow\">pic.twitter.com\/TxdNvIFr0q<\/a><\/p>\u2013 BlockSec (@BlockSecTeam) <a href=\"https:\/\/twitter.com\/BlockSecTeam\/status\/1546141467537981441?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">July 10, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>Once the attacker had completed these two steps, the single Doodle remaining on the platform was no longer enough to cover the debt incurred. The system liquidated the position, which also left the remaining Doodle in the attacker&#039;s hands.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">OMNI protocol suspended<\/h2>\n\n\n\n<p>The developers in charge have suspended the NFT protocol, which was already in its beta phase, while they carry out audits and apply security updates. 
In addition, OMNI revealed that the hack did not affect any user funds, stating that the stolen wETH were \u201cinternal testing funds\u201d.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/twitter.com\/OMNI_xyz\/status\/1546143829375459332\n<\/div><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cOMNI is still in testing (beta). No customer funds were lost; only internal testing funds were affected! We have suspended the OMNI protocol until we complete the investigation and everything is reviewed again by external security and auditing firms.\u201d<\/p><cite>it stated<\/cite><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">No chance for a direct appeal<\/h2>\n\n\n\n<p>With DeFi attacks on the rise, developers who are attacked these days frequently make direct appeals to the hackers, promising to treat the incident as a white-hat event in exchange for the return of most or all of the funds. This has sometimes worked out; for example, the Optimism exploiter returned most of the money after seeking advice from Vitalik Buterin.<\/p>\n\n\n\n<p>However, OMNI never had the chance to make an appeal, as PeckShield&#039;s investigation reveals that the attackers behind the reentrancy mixed the stolen funds through the decentralized protocol TornadoCash, a mixing service that obscures the origin of funds. 
Using it, the attackers laundered all of the stolen proceeds.<\/p>","protected":false},"excerpt":{"rendered":"<p>Approximately 1,300 ETH ($1.4 million) were lost after attackers exploited OMNI The project, which is still in the BETA phase, has been suspended On Sunday, NFT finance platform OMNI was attacked, leading to a loss of 1,300 Ether (ETH), worth around $1.4 million at the time of the exploit. OMNI, which lends out cryptocurrencies in [\u2026]<\/p>","protected":false},"author":21,"featured_media":11587,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_editorskit_title_hidden":false,"_editorskit_reading_time":1,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_uag_custom_page_level_css":"","footnotes":""},"categories":[12],"tags":[172],"class_list":["post-11576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-crypto"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI.jpg",1200,675,false],"thumbnail":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI-500x330.jpg",500,330,true],"medium":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI-300x169.jpg",300,169,true],"medium_large":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI-768x432.jpg",640,360,true],"large":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI-1024x576.jpg",640,360,true],"1536x1536":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI.jpg",1200,675,false],"2048x2048":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI.jpg",1200,675,false],"trp-custom-language-flag":["https:\/\/bitcoinwisdom.com\/wp-content\/uploads\/2022\/07\/OMNI-18x10.jpg",18,10,true]},"uagb_author_
info":{"display_name":"Parth Dubey","author_link":"https:\/\/bitcoinwisdom.com\/fr\/author\/parth\/"},"uagb_comment_info":0,"uagb_excerpt":"Approximately 1,300 ETH ($1.4 million) were lost after attackers exploited OMNI The project, which is still in the BETA phase, has been suspended On Sunday, NFT finance platform OMNI was attacked, leading to a loss of 1,300 Ether (ETH), worth around $1.4 million at the time of the exploit.\u00a0 OMNI, which lends out cryptocurrencies in\u2026","_links":{"self":[{"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/posts\/11576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/comments?post=11576"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/posts\/11576\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/media\/11587"}],"wp:attachment":[{"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/media?parent=11576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/categories?post=11576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinwisdom.com\/fr\/wp-json\/wp\/v2\/tags?post=11576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}